Lucene search
K

190 matches found

CVE
CVE
added 2026/06/14 5:21 p.m.48 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2231)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/21 1:12 p.m.10 views

CVE-2026-44073

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a vulnerability where the seteuid system call failure is ignored within authentication modules. This oversight may allow the attacker to perform unauthorized actions, leading to a low impact on confidentiality,...

5CVSS5.8AI score0.00277EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 8:16 a.m.24 views

CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 7:35 a.m.8 views

CVE-2026-44073 seteuid failure ignored in auth modules

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS5.8AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:35 a.m.33 views

CVE-2026-44073

Netatalk 1.5.0–4.4.2 contains a vulnerability where seteuid() return values were not checked in authentication modules, potentially allowing a remote authenticated attacker to retain elevated privileges under error conditions. The issue is fixed in Netatalk 4.5.0. Impact is described as elevation...

5CVSS5.8AI score0.00277EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/08 8:41 a.m.35 views

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:35 p.m.7 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 6:35 p.m.66 views

CVE-2026-6245 Sssd: out-of-bounds read in the sssd

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18817

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 7:17 p.m.5 views

UBUNTU-CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/03 6:43 p.m.5 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/23 4:48 p.m.7 views

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS5.8AI score0.00436EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 1:16 p.m.4 views

CVE-2026-4434

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

8.1CVSS0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: pam (CVE-2024-10963)

The version of pam installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10963 advisory. - A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...

7.4CVSS8.1AI score0.00798EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : pam-1.1.1-13.AXS4 (AXSA:2013-122:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-122:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

4.6CVSS7AI score0.00696EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

MiracleLinux 4 : pam-1.1.1-20.AXS4.1 (AXSA:2015-439:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-439:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile...

6.5CVSS6.1AI score0.02705EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/01/14 9:14 a.m.9 views

pam security update

An update is available for pam. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pluggable Authentication Modules PAM provide a system to set up authentication...

7.8CVSS6.8AI score0.00399EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : pam-0.99.6.2-6.2.0.1.AXS3 (AXSA:2010-484:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-484:02 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

6.9CVSS5.5AI score0.00416EPSS
Exploits0References4
Rows per page
Query Builder